
Spyware.cyberlog-x


13 replies to this topic

#1 parkescpa


Posted 15 June 2008 - 03:37 PM

I have an HP Pavilion Slimline s7600n running Windows XP. Booting up is extremely slow and a window pops up after startup stating I have probably been infected with the latest version of Spyware.Cyberlog-X. I have run Adaware, Spybot, Stopzilla, Smitfraudfix and Norton Internet Security but nothing seems to get rid of it. I have attached the Hijack This log. What else can I do?

Attached Files

  • Attached File  main.txt   22.74KB   33 downloads



#2 OldTimer


Posted 16 June 2008 - 11:43 PM

Hello parkescpa and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 parkescpa


Posted 17 June 2008 - 06:26 PM

Thanks OT.

I have attached the file you requested. What's next?

Kevin




#4 OldTimer


Posted 17 June 2008 - 07:37 PM

Hi parkescpa. Let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
ddyxvzpk
Files to delete:
%appdata%\microsoft\dtsc\25479.exe
%systemroot%\system32\000070.exe
%systemroot%\system32\a15c.exe
%systemroot%\system32\clbdll.dll
%systemroot%\system32\drivers\rwbgxpgq.dat
%systemroot%\system32\spywarewarning.mht
%systemroot%\system32\spywarewarning2.mht
%systemroot%\system32\userinit.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%programfiles%\svconr
%programfiles%\temporary

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> a15c.exe -> %SystemRoot%\system32\a15c.exe
YY -> 25479.exe -> %AppData%\Microsoft\dtsc\25479.exe
[Driver Services - Non-Microsoft Only]
YY -> (ddyxvzpk) ddyxvzpk [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\rwbgxpgq.dat
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
YY -> IEUpdate -> %SystemRoot%\system32\a15c.exe [C:\WINDOWS\system32\a15c.exe]
YN -> NI.UWA7P_0001_N91M0809 -> %SystemDrive%\documents and settings\demonomania\application data\winantiviruspro2007freeinstall[1].exe ["c:\documents and settings\demonomania\application data\winantiviruspro2007freeinstall[1].exe" -nag ]
YN -> PCDrProfiler -> []
YN -> RTHDCPL -> [RTHDCPL.EXE]
YN -> TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> IEUpdate -> %SystemRoot%\system32\a15c.exe [C:\WINDOWS\system32\a15c.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Aim6 -> []
YY -> IEUpdate -> %SystemRoot%\system32\a15c.exe [C:\WINDOWS\system32\a15c.exe]
YY -> Microsoft Windows Installer -> %AppData%\Microsoft\dtsc\25479.exe [C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\dtsc\25479.exe]
YN -> Svconr -> %ProgramFiles%\Svconr\Svconr.exe [C:\Program Files\Svconr\Svconr.exe]
< RunServices [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> IEUpdate -> %SystemRoot%\system32\a15c.exe [C:\WINDOWS\system32\a15c.exe]
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
NY -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\ [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {22E9DC57-218A-48BF-A2AF-256CB6EE699E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\deskmo.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {7C2FC77A-AF76-4A75-AC16-B02A13829F34} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{7EFBC57C-CD57-481F-B794-648FCE9C9116} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %UserProfile%\Start Menu\Programs\Nacy Dreww\Run IMVU.lnk [Run IMVU]
YN -> {E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Start Menu\Programs\Nacy Dreww\Run IMVU.lnk [Run IMVU]
YN -> CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Search -> 
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\IEUpdate -> %SystemRoot%\system32\a15c.exe [C:\WINDOWS\system32\a15c.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger]
[Files/Folders - Created Within 30 days]
NY -> 000070.exe -> %SystemRoot%\System32\000070.exe
NY -> a15c.exe -> %SystemRoot%\System32\a15c.exe
NY -> clbdll.dll -> %SystemRoot%\System32\clbdll.dll
NY -> spywarewarning.mht -> %SystemRoot%\System32\spywarewarning.mht
NY -> spywarewarning2.mht -> %SystemRoot%\System32\spywarewarning2.mht
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 137 bytes -> %AllUsersProfile%\Application Data\TEMP:A988B257
NY -> Svconr -> %ProgramFiles%\Svconr
NY -> Temporary -> %ProgramFiles%\Temporary
[Files/Folders - Modified Within 30 days]
NY -> 000070.exe -> %SystemRoot%\System32\000070.exe
NY -> a15c.exe -> %SystemRoot%\System32\a15c.exe
NY -> 167 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> clbdll.dll -> %SystemRoot%\System32\clbdll.dll
NY -> spywarewarning.mht -> %SystemRoot%\System32\spywarewarning.mht
NY -> spywarewarning2.mht -> %SystemRoot%\System32\spywarewarning2.mht
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 137 bytes -> %AllUsersProfile%\Application Data\TEMP:A988B257
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt and locate the OTScanIt.txt file in the folder where OTScanIt.exe is located.
  • Attach that file back here in your next reply.
Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The online virus scan report (whichever one you ran)
Attach the following back here in your next reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 parkescpa


Posted 18 June 2008 - 05:34 AM

Hi OT,

Well whatever we did did not work too well. When the computer is re-booted it takes you to the welcome screen, which is fine. When I log in it says logging in with personal settings, which is fine. Then almost immediately it says logging off. I never get past the welcome screen.

What do you suggest next?

K

#6 OldTimer


Posted 18 June 2008 - 11:53 AM

Hi parkescpa. Yup, that can happen. Let's try something.

Boot to the Recovery Console, directions here. Type the following commands (pressing Enter after each command):
cd\windows\servicepackfiles\i386
copy userinit.exe c:\windows\system32
Then type "Exit" (no quotes) and press the Enter key. The system should reboot. See what happens.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
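
The deletion script in post #4 lists userinit.exe, the file the Winlogon UserInit value in the same post points at, and post #6 copies it back from the service pack files. As an added example (not part of the thread and not code from The Avenger or OTScanIt), the Python below checks a deletion script of that format against the files Winlogon references before anything is removed; the ENV paths, the WINLOGON sample values (XP defaults) and all function names are assumptions made for illustration.

```python
import ntpath

# Assumption: Windows XP default locations, lower-cased for comparison.
ENV = {
    "%systemroot%": r"c:\windows",
    "%programfiles%": r"c:\program files",
    "%appdata%": r"c:\documents and settings\hp_administrator\application data",
}

# Constructed sample: the deletion script from post #4, shortened.
AVENGER_SCRIPT = r"""Drivers to delete:
ddyxvzpk
Files to delete:
%appdata%\microsoft\dtsc\25479.exe
%systemroot%\system32\a15c.exe
%systemroot%\system32\clbdll.dll
%systemroot%\system32\userinit.exe
Folders to delete:
%programfiles%\svconr
"""

# Constructed sample: Winlogon values as found on a default XP install.
WINLOGON = {
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "Shell": "Explorer.exe",
}


def normalize(path):
    """Lower-case, expand the known variables and collapse the path."""
    path = path.strip().strip('"').lower()
    for var, value in ENV.items():
        path = path.replace(var, value)
    return ntpath.normpath(path)


def parse_script(text):
    """Split a 'Something to delete:' style script into {section: [entries]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def logon_critical(winlogon):
    """Map each normalized path that logon depends on to its Winlogon value name."""
    critical = {}
    for name, data in winlogon.items():
        for item in data.split(","):
            if not item.strip():
                continue
            path = normalize(item)
            if ntpath.dirname(path):
                candidates = [path]
            else:
                # Bare file name: check the directories Windows would search.
                root = ENV["%systemroot%"]
                candidates = [ntpath.join(root, path),
                              ntpath.join(root, "system32", path)]
            for candidate in candidates:
                critical[candidate] = name
    return critical


def preflight(script_text, winlogon):
    """Return (path, value_name) for every file deletion that would break logon."""
    critical = logon_critical(winlogon)
    findings = []
    for entry in parse_script(script_text).get("files to delete", []):
        path = normalize(entry)
        if path in critical:
            findings.append((path, critical[path]))
    return findings


if __name__ == "__main__":
    for path, value in preflight(AVENGER_SCRIPT, WINLOGON):
        print(f"HOLD: {path} is referenced by Winlogon\\{value}; "
              "stage a clean copy to restore before deleting")
```

A hit does not mean the file should be kept; it means a known-good replacement has to be in place before the reboot that follows the deletion.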


#7 parkescpa


Posted 19 June 2008 - 11:22 AM

Hi OT,

The computer with the problem belongs to a friend. I do not have her original Windows disk which was needed to run the Recovery Console. However, the computer is an HP and it had a recovery type option if I press F10 when it is booting up. I did that and it looks like it went ahead and reinstalled Windows. The computer now boots up fine and the annoying popup window I was getting appears to be gone. What would you like me to do next?

K

#8 OldTimer


Posted 19 June 2008 - 11:31 AM

Hi parkescpa. If it was the HP System Restore then yes it did reinstall Windows by wiping the hard drive and returning the machine to its original state. That being the case there shouldn't be anything on the system other than what HP originally installed on it. That would take care of any issues so you should be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 parkescpa


Posted 19 June 2008 - 04:29 PM

Hi OT,

It did reinstall Windows but it did not wipe out the hard drive or restore it to its original state. For instance, it still has the programs Hijack This, OTScanIt, etc. installed. But I will assume at this point everything is fixed and I will install firewall and antivirus software. Thanks for your help.

Kevin

#10 OldTimer


Posted 19 June 2008 - 06:09 PM

Hi parkescpa. If any applications or files are still there then it was not a system restore. It might have just been a reinstall or a repair install. Let's see if anything is left on there:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt and locate the OTScanIt.txt file in the folder where OTScanIt.exe is located.
  • Attach that file back here in your next reply.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 parkescpa


Posted 22 June 2008 - 03:45 PM

Hi OT,

Here are the scan results. It is telling me the attachment is too large, which does not seem right.

OTScanIt logfile created on: 6/22/2008 7:35:33 PM
OTScanIt by OldTimer - Version 1.0.15.15	 Folder = C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
446.48 Mb Total Physical Memory | 98.52 Mb Available Physical Memory | 22.06% Memory free
1.03 Gb Paging File | 0.72 Gb Available in Paging File | 70.04% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.45 Gb Total Space | 151.22 Gb Free Space | 85.22% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.53 Gb Free Space | 5.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TARR
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 9/17/2005 3:27:12 AM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 9/17/2005 3:27:06 AM | Attr =	]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 202352 bytes | Modified Date = 9/17/2005 3:27:10 AM | Attr =	]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 2:19:16 AM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 7:08:48 AM | Attr =	]
navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 12.0.5.3 | Size = 133792 bytes | Modified Date = 12/31/2005 1:42:18 AM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 6:50:00 PM | Attr =	]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 12:04:38 PM | Attr =	]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.0.7.0 | Size = 16239616 bytes | Modified Date = 6/13/2006 11:05:26 PM | Attr =	]
arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 2:19:16 AM | Attr =	]
dmascheduler.exe -> %ProgramFiles%\HP DigitalMedia Archive\DMAScheduler.exe -> Sonic Solutions [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 4/13/2006 12:05:00 PM | Attr =	]
discover.exe -> %ProgramFiles%\DISC\DISCover.exe -> Digital Interactive Systems Corporation [Ver = 3.33.2005.0406 | Size = 1073152 bytes | Modified Date = 4/7/2006 4:51:18 AM | Attr =	]
discupdmgr.exe -> %ProgramFiles%\DISC\DISCUpdMgr.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 65536 bytes | Modified Date = 4/7/2006 4:50:22 AM | Attr =	]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 7:44:24 PM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 52848 bytes | Modified Date = 9/17/2005 3:27:02 AM | Attr =	]
discstreamhub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 57344 bytes | Modified Date = 4/7/2006 4:50:22 AM | Attr =	]
updates from hp.exe -> %ProgramFiles%\Updates from HP\9972322\Program\Updates from HP.exe -> Hewlett-Packard [Ver = Version 6.3.2 (Build 116R) | Size = 36903 bytes | Modified Date = 9/22/2006 2:43:11 PM | Attr =	]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 9/19/2005 2:24:20 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 9/22/2006 2:59:09 PM | Attr =	]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.1.2 | Size = 749696 bytes | Modified Date = 9/24/2005 6:10:56 PM | Attr =	]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 6:21:14 PM | Attr =	]
discgui.exe -> %ProgramFiles%\DISC\DiscGui.exe -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.0406 | Size = 237568 bytes | Modified Date = 4/7/2006 4:51:24 AM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 6/12/2008 12:29:06 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 2:19:16 AM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 9/17/2005 3:27:06 AM | Attr =	]
(ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\ccPwdSvc.exe -> Symantec Corporation [Ver = 9.0.2.11 | Size = 72280 bytes | Modified Date = 10/13/2005 11:48:40 AM | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 202352 bytes | Modified Date = 9/17/2005 3:27:10 AM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 9/17/2005 3:27:12 AM | Attr =	]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\comHost.exe -> Symantec Corporation [Ver = 9.0.5.5 | Size = 45744 bytes | Modified Date = 1/2/2006 4:18:24 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 1:24:18 PM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/21/2006 7:08:48 AM | Attr =	]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 12.0.5.3 | Size = 133792 bytes | Modified Date = 12/31/2005 1:42:18 AM | Attr =	]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.1.2 | Size = 749696 bytes | Modified Date = 9/24/2005 6:10:56 PM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 131139 bytes | Modified Date = 5/9/2006 6:50:00 PM | Attr =	]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 5:22:48 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 9/19/2005 2:24:20 PM | Attr =	]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 9/15/2005 6:21:14 PM | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 9/22/2006 2:59:09 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 5:53:00 PM | Attr =	]
(bb-run) Promise driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\bb-run.sys -> Promise Technology, Inc. [Ver =  1.0.1.2 built by: WinDDK | Size = 17408 bytes | Modified Date = 11/5/2003 10:45:12 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 | Attr =	]
(ftsata2) ftsata2 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftsata2.sys -> Promise Technology, Inc. [Ver =  1.00.30.40 | Size = 175104 bytes | Modified Date = 6/29/2005 8:03:18 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/8/2005 3:07:18 AM | Attr =	]
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 241664 bytes | Modified Date = 12/6/2005 2:20:50 PM | Attr =	]
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 936448 bytes | Modified Date = 12/6/2005 2:20:40 PM | Attr =	]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5268 built by: WinDDK | Size = 4299264 bytes | Modified Date = 6/14/2006 2:04:12 PM | Attr =	]
(intelppm) Intel Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\System32\DRIVERS\intelppm.sys -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 6:57:08 PM | Attr =	]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -> Symantec Corporation [Ver = 20061.1.0.14 | Size = 77864 bytes | Modified Date = 4/25/2006 12:00:00 PM | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.1.0.14 | Size = 799208 bytes | Modified Date = 4/25/2006 12:00:00 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 3535680 bytes | Modified Date = 5/9/2006 6:50:00 PM | Attr =	]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.05024 | Size = 34176 bytes | Modified Date = 3/3/2006 6:31:02 PM | Attr =	]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.05024 | Size = 13056 bytes | Modified Date = 3/3/2006 6:31:04 PM | Attr =	]
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 8:27:00 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.20a | Size = 46080 bytes | Modified Date = 3/9/2006 2:00:00 PM | Attr =	]
(RT73) USB Wireless 802.11 b/g Adaptor Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.04.0000 | Size = 252928 bytes | Modified Date = 1/12/2006 10:46:28 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 5:31:34 PM | Attr =	]
(SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 334984 bytes | Modified Date = 8/26/2005 5:22:48 PM | Attr =	]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 53896 bytes | Modified Date = 8/26/2005 5:22:50 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/10/2004 | Attr =	]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2,0,0,73 | Size = 389728 bytes | Modified Date = 9/15/2005 6:21:14 PM | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.0.20 | Size = 108168 bytes | Modified Date = 9/17/2005 3:20:06 AM | Attr =	]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -> Symantec Corporation [Ver = 6.2.0.29 | Size = 199408 bytes | Modified Date = 9/1/2005 10:07:36 PM | Attr =	]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 9/22/2006 2:59:09 PM | Attr =	]
(winachsx) winachsx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 670208 bytes | Modified Date = 12/6/2005 2:20:42 PM | Attr =	]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 196240 bytes | Modified Date = 9/19/2005 2:23:52 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe [ARPWRMSG.EXE] -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 2:19:16 AM | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["c:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.1.17 | Size = 52848 bytes | Modified Date = 9/17/2005 3:27:02 AM | Attr =	]
DMAScheduler -> %ProgramFiles%\HP DigitalMedia Archive\DMAScheduler.exe ["c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"] -> Sonic Solutions [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 4/13/2006 12:05:00 PM | Attr =	]
ftutil2 -> %SystemRoot%\system32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> Promise Technology, Inc. [Ver = 1.00.0.3 | Size = 106496 bytes | Modified Date = 6/7/2004 5:05:38 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 9:11:42 AM | Attr =	]
HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/16/2006 1:34:58 AM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8208 | Size = 7311360 bytes | Modified Date = 5/9/2006 6:50:00 PM | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1519616 bytes | Modified Date = 5/9/2006 6:50:00 PM | Attr =	]
PCDrProfiler -> %ProgramFiles%\PC-Doctor 5 for Windows\RunProfiler.exe ["C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r] ->  [Ver =  | Size = 53248 bytes | Modified Date = 4/6/2006 9:17:58 PM | Attr =	]
Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] ->  [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/23/2005 1:14:00 AM | Attr =	]
Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe ["C:\Windows\Creator\Remind_XP.exe"] -> SoftThinks [Ver = 6, 0, 52, 2 | Size = 663552 bytes | Modified Date = 12/14/2004 5:23:44 AM | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.EXE [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.7.0 | Size = 16239616 bytes | Modified Date = 6/13/2006 11:05:26 PM | Attr =	]
SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe ["c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"] -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 11/2/2004 6:59:52 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 4/24/2008 6:53:31 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Updates From HP.lnk -> %ProgramFiles%\Updates from HP\9972322\Program\Updates from HP.exe -> Hewlett-Packard [Ver = Version 6.3.2 (Build 116R) | Size = 36903 bytes | Modified Date = 9/22/2006 2:43:11 PM | Attr =	]
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\IMVU.lnk -> %UserProfile%\My Documents\Science Project stuff\IMVU\IMVUClient.exe -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRRW_GSA-H20L________________S742____\5&349d9d64&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 100 bytes | Modified Date = 9/22/2006 2:37:50 PM | Attr =	]
.autoreg [] -> %SystemDrive%\.aut [ NTFS ] -> File not found
AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] ->  [Ver =  | Size = 0 bytes | Modified Date = 7/27/2001 8:07:38 AM | Attr =  HS]
Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] ->  [Ver =  | Size = 53 bytes | Modified Date = 4/30/2004 12:01:14 AM | Attr =  HS]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 4, 26, 1 | Size = 438848 bytes | Modified Date = 4/27/2006 1:19:50 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
trymedia.com .[http] -> Trusted sites -> 
trymedia.com .[https] -> Trusted sites -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 4, 26, 1 | Size = 438848 bytes | Modified Date = 4/27/2006 1:19:50 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/24/2005 6:12:08 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 11:22:12 PM | Attr =	]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [CNavExtBho Class] -> Symantec Corporation [Ver = 12.0.5.3 | Size = 140960 bytes | Modified Date = 12/31/2005 1:42:34 AM | Attr =	]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 208896 bytes | Modified Date = 9/22/2006 2:47:38 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 12.0.5.3 | Size = 140960 bytes | Modified Date = 12/31/2005 1:42:34 AM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 4, 26, 1 | Size = 438848 bytes | Modified Date = 4/27/2006 1:19:50 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 12.0.5.3 | Size = 140960 bytes | Modified Date = 12/31/2005 1:42:34 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 11:22:12 PM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 11:22:12 PM | Attr =	]
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 11:22:12 PM | Attr =	]
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] ->  [Internet Connection Help] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{18C85DC3-8CE3-4D57-8EBA-5A49D6CF4D1C} ->	(USB Wireless 802.11 b/g Adaptor) -> 
{1E7F0BB9-0AB3-40F9-8800-1674AD369574} ->	(NVIDIA nForce Networking Controller) -> 
{4954BAE8-7AB5-4FD5-AF3D-644BFA4132D1} ->	(1394 Net Adapter) -> 
{892900FC-9814-4488-99C0-81491C1EE93D} ->	(HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 8/10/2004 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/10/2004 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/10/2004 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 936 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 96 57 8C E1 A2 F2 E5 E7 3E B1 AC C4 DF 3A 61 DD 35 64 33 64 32 33 34 32 00 00 00 00 3B 50 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 01 05 FE 5A 7E 9E 3D 63 02 38 E6 5D  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> CF FB 93 94 E1 0A 80 B6 7F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 02 7D 1B 6F 8C 76  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 68 34 B3 A3 E2 4A A4 E3 15 4E 7C ED 8C A5 AC 9A  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A2 A0 4A 68 CD D1 C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 60 DB 8F D1 7E C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 20 B8 81 8E 7E C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 60 DB 8F D1 7E C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 97 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe -> %ProgramFiles%\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> Hewlett-Packard [Ver = Version 6.3.2 (Build 116R) | Size = 36903 bytes | Modified Date = 9/22/2006 2:43:11 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\DISCover.exe -> %ProgramFiles%\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> Digital Interactive Systems Corporation [Ver = 3.33.2005.0406 | Size = 1073152 bytes | Modified Date = 4/7/2006 4:51:18 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\DiscStreamHub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 57344 bytes | Modified Date = 4/7/2006 4:50:22 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\myFTP.exe -> %ProgramFiles%\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> Digital Interactive Systems Corporation, Inc. [Ver = 3.33.2005.406 | Size = 94208 bytes | Modified Date = 4/7/2006 4:50:16 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe -> %ProgramFiles%\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> Hewlett-Packard [Ver = Version 6.3.2 (Build 116R) | Size = 36903 bytes | Modified Date = 9/22/2006 2:43:11 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> %ProgramFiles%\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 7:39:49 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 7:39:49 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 6/17/2008 9:16:59 PM | Attr =	]
1 C:\*.tmp files -> C:\*.tmp -> 
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 6/19/2008 10:08:44 AM | Attr = RHS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 6/15/2008 3:37:48 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 468242432 bytes | Created Date = 6/19/2008 10:05:01 AM | Attr =  HS]
103C_HP_CPC_RC671AA-ABA s7600n_YC_0Pavi_QMXF641_E64NAemMPA4_48_IPyrite_SASUSTek Computer INC._V1.02_B3.04_T060907_WXP2_L409_M447_J200_7AMD_8Athlon 64_92.2_#061202_N_Z14F12F20_G10DE0241_OHL-DT-ST DVDRRW GSA-H20L.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_RC671AA-ABA s7600n_YC_0Pavi_QMXF641_E64NAemMPA4_48_IPyrite_SASUSTek Computer INC._V1.02_B3.04_T060907_WXP2_L409_M447_J200_7AMD_8Athlon 64_92.2_#061202_N_Z14F12F20_G10DE0241_OHL-DT-ST DVDRRW GSA-H20L.MRK ->  [Ver =  | Size = 1830 bytes | Created Date = 6/19/2008 10:05:02 AM | Attr = RHS]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Created Date = 6/19/2008 12:48:52 AM | Attr = RHS]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 6/15/2008 3:38:07 PM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 6/19/2008 1:30:24 AM | Attr =	]
Easy Internet Sign-up.job -> %SystemRoot%\tasks\Easy Internet Sign-up.job ->  [Ver =  | Size = 480 bytes | Created Date = 6/19/2008 10:04:34 AM | Attr =	]
HPCeeSchedule.job -> %SystemRoot%\tasks\HPCeeSchedule.job ->  [Ver =  | Size = 328 bytes | Created Date = 6/19/2008 10:04:45 AM | Attr =	]
Norton AntiVirus - Run Full System Scan - HP_Administrator.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job ->  [Ver =  | Size = 570 bytes | Created Date = 6/19/2008 10:45:44 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Fashion Solitaire 1.2 -> %AllUsersProfile%\Application Data\Fashion Solitaire 1.2 ->  [Folder | Created Date = 5/31/2008 11:13:31 AM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 5/31/2008 11:12:05 AM | Attr =	]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 6/19/2008 10:02:41 AM | Attr =  HS]
Identities -> %AppData%\Identities ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
Intuit -> %AppData%\Intuit ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
iWin -> %AppData%\iWin ->  [Folder | Created Date = 5/31/2008 7:11:54 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =   S]
Real -> %AppData%\Real ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
Symantec -> %AppData%\Symantec ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
WinBatch -> %AppData%\WinBatch ->  [Folder | Created Date = 5/28/2008 9:28:59 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat ->  [Ver =  | Size = 139 bytes | Created Date = 6/19/2008 10:02:38 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 48376 bytes | Created Date = 6/19/2008 10:02:38 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 1970470 bytes | Created Date = 6/19/2008 10:02:38 AM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
Wildtangent -> %UserProfile%\Local Settings\Application Data\Wildtangent ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
{3248F0A6-6813-11D6-A77B-00B0D0150060} -> %UserProfile%\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 87 bytes | Created Date = 6/19/2008 10:02:37 AM | Attr =  HS]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Created Date = 6/19/2008 10:02:34 AM | Attr = R  ]
3 Month Trial AOL Music Now.lnk -> %AllUsersProfile%\Desktop\3 Month Trial AOL Music Now.lnk ->  [Ver =  | Size = 1659 bytes | Created Date = 6/19/2008 10:00:56 AM | Attr =	]
AOL 3 Months Included.lnk -> %AllUsersProfile%\Desktop\AOL 3 Months Included.lnk ->  [Ver =  | Size = 1964 bytes | Created Date = 6/19/2008 10:00:56 AM | Attr =	]
Easy Internet Sign-up.lnk -> %AllUsersProfile%\Desktop\Easy Internet Sign-up.lnk ->  [Ver =  | Size = 1844 bytes | Created Date = 6/19/2008 10:00:43 AM | Attr =	]
eBay.lnk -> %AllUsersProfile%\Desktop\eBay.lnk ->  [Ver =  | Size = 1908 bytes | Created Date = 6/19/2008 10:00:56 AM | Attr =	]
Get Vonage.lnk -> %AllUsersProfile%\Desktop\Get Vonage.lnk ->  [Ver =  | Size = 1841 bytes | Created Date = 6/19/2008 10:00:56 AM | Attr =	]
HP Extended Service Plans.lnk -> %AllUsersProfile%\Desktop\HP Extended Service Plans.lnk ->  [Ver =  | Size = 1540 bytes | Created Date = 6/19/2008 10:00:56 AM | Attr =	]
MSN.lnk -> %AllUsersProfile%\Desktop\MSN.lnk ->  [Ver =  | Size = 1857 bytes | Created Date = 6/19/2008 10:00:56 AM | Attr =	]
Netscape Browser.lnk -> %AllUsersProfile%\Desktop\Netscape Browser.lnk ->  [Ver =  | Size = 1756 bytes | Created Date = 6/19/2008 10:00:55 AM | Attr =	]
Quicken New User Edition 2006.lnk -> %AllUsersProfile%\Desktop\Quicken New User Edition 2006.lnk ->  [Ver =  | Size = 1580 bytes | Created Date = 6/19/2008 10:00:55 AM | Attr =	]
RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk ->  [Ver =  | Size = 908 bytes | Created Date = 6/19/2008 10:00:55 AM | Attr =	]
Snapfish for your photos.lnk -> %AllUsersProfile%\Desktop\Snapfish for your photos.lnk ->  [Ver =  | Size = 1622 bytes | Created Date = 6/19/2008 10:00:55 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 6/17/2008 7:05:09 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Created Date = 6/17/2008 9:12:46 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 6/15/2008 3:34:56 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Created Date = 6/15/2008 1:06:47 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 6/17/2008 7:18:32 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568240 bytes | Created Date = 6/17/2008 7:05:09 PM | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Created Date = 6/10/2008 7:08:50 AM | Attr =	]
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe ->  [Ver =  | Size = 1392671 bytes | Created Date = 6/10/2008 7:08:46 AM | Attr =	]
STOPzilla_Setup.exe -> %UserProfile%\Desktop\STOPzilla_Setup.exe -> iS3, Inc. [Ver = 5, 0, 7, 0 | Size = 292352 bytes | Created Date = 6/15/2008 1:32:35 PM | Attr =	]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 6/19/2008 10:02:35 AM | Attr =  HS]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 6/15/2008 1:06:47 PM | Attr =	]
uTorrent -> %ProgramFiles%\uTorrent ->  [Folder | Created Date = 5/31/2008 5:15:51 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 6/17/2008 9:18:00 PM | Attr =	]
1 C:\*.tmp files -> C:\*.tmp -> 
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Modified Date = 6/19/2008 9:59:51 AM | Attr = RHS]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 281 bytes | Modified Date = 6/19/2008 10:09:02 AM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 6/19/2008 10:09:00 AM | Attr = RHS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 6/15/2008 3:37:48 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 6/19/2008 10:02:32 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 468242432 bytes | Modified Date = 6/19/2008 10:05:01 AM | Attr =  HS]
hp -> %SystemDrive%\hp ->  [Folder | Modified Date = 6/19/2008 1:11:54 AM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 6/15/2008 3:38:01 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 6/22/2008 7:33:28 PM | Attr =	]
103C_HP_CPC_RC671AA-ABA s7600n_YC_0Pavi_QMXF641_E64NAemMPA4_48_IPyrite_SASUSTek Computer INC._V1.02_B3.04_T060907_WXP2_L409_M447_J200_7AMD_8Athlon 64_92.2_#061202_N_Z14F12F20_G10DE0241_OHL-DT-ST DVDRRW GSA-H20L.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_RC671AA-ABA s7600n_YC_0Pavi_QMXF641_E64NAemMPA4_48_IPyrite_SASUSTek Computer INC._V1.02_B3.04_T060907_WXP2_L409_M447_J200_7AMD_8Athlon 64_92.2_#061202_N_Z14F12F20_G10DE0241_OHL-DT-ST DVDRRW GSA-H20L.MRK ->  [Ver =  | Size = 1830 bytes | Modified Date = 6/19/2008 10:05:08 AM | Attr = RHS]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 1111 bytes | Modified Date = 6/19/2008 10:01:28 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 6/19/2008 10:04:56 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 6/19/2008 10:05:20 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 6/19/2008 10:05:08 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 184224 bytes | Modified Date = 6/19/2008 10:02:13 AM | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 43531 bytes | Modified Date = 6/19/2008 10:05:45 AM | Attr =	]
pcintro -> %SystemRoot%\System32\pcintro ->  [Folder | Modified Date = 6/19/2008 10:04:59 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 53640 bytes | Modified Date = 6/19/2008 10:08:12 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 382022 bytes | Modified Date = 6/19/2008 10:08:12 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 441626 bytes | Modified Date = 6/19/2008 10:08:10 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 6/19/2008 10:02:25 AM | Attr =	]
hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat ->  [Ver =  | Size = 247 bytes | Modified Date = 6/19/2008 10:05:36 AM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 6/19/2008 1:08:44 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/19/2008 10:02:18 AM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 6/15/2008 3:38:07 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 6/19/2008 1:08:50 AM | Attr = R S]
I386 -> %SystemRoot%\I386 ->  [Folder | Modified Date = 6/19/2008 1:11:41 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 6/19/2008 1:30:24 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 6/19/2008 10:05:23 AM | Attr =  HS]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 6/19/2008 9:59:59 AM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 6/19/2008 1:08:46 AM | Attr = R  ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/22/2008 7:34:40 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 6/19/2008 10:03:21 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 6/19/2008 9:59:11 AM | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 6/19/2008 10:08:38 AM | Attr =	]
smsafari.ini -> %SystemRoot%\smsafari.ini ->  [Ver =  | Size = 46 bytes | Modified Date = 5/31/2008 7:30:46 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 6/19/2008 1:11:54 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 6/19/2008 9:56:46 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 6/19/2008 10:08:12 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 6/19/2008 10:45:44 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 6/19/2008 10:11:37 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 6/19/2008 1:08:45 AM | Attr = R  ]
Easy Internet Sign-up.job -> %SystemRoot%\tasks\Easy Internet Sign-up.job ->  [Ver =  | Size = 480 bytes | Modified Date = 6/19/2008 10:04:35 AM | Attr =	]
HPCeeSchedule.job -> %SystemRoot%\tasks\HPCeeSchedule.job ->  [Ver =  | Size = 328 bytes | Modified Date = 6/19/2008 10:04:45 AM | Attr =	]
Norton AntiVirus - Run Full System Scan - HP_Administrator.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job ->  [Ver =  | Size = 570 bytes | Modified Date = 6/19/2008 10:45:44 AM | Attr =	]
Norton Internet Security - Run Full System Scan - demonomania.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - demonomania.job ->  [Ver =  | Size = 634 bytes | Modified Date = 6/2/2008 8:00:00 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/19/2008 10:45:44 AM | Attr =  H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job ->  [Ver =  | Size = 380 bytes | Modified Date = 6/19/2008 10:45:58 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs ->  [Folder | Modified Date = 6/19/2008 10:02:48 AM | Attr =	]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 8/31/2005 12:06:38 AM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 8/31/2005 12:07:02 AM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 8/31/2005 12:15:10 AM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 8/31/2005 12:17:14 AM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 9/22/2006 1:46:08 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 9/22/2006 2:30:36 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5316 bytes | Modified Date = 6/19/2008 10:04:47 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5316 bytes | Modified Date = 6/19/2008 10:04:47 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 9/22/2006 2:34:49 PM | Attr =	]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat ->  [Ver =  | Size = 2572 bytes | Modified Date = 5/1/2008 4:47:14 PM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/1/2006 9:34:10 PM | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162451 bytes | Modified Date = 1/25/2008 9:48:12 PM | Attr =	]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp ->  [Folder | Modified Date = 6/22/2008 7:33:22 PM | Attr =	]
IadHide5.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 116R) | Size = 24613 bytes | Modified Date = 9/22/2006 2:43:10 PM | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 6/19/2008 10:11:37 AM | Attr =	]
Perflib_Perfdata_82c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_82c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/22/2006 2:32:33 PM | Attr =	]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =	]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =	]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 6/19/2008 10:11:37 AM | Attr =	]
sdpintl.ini -> C:\WINDOWS\Temp\sdpintl.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 6/19/2008 10:00:48 AM | Attr =	]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4XIROXIZ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4XIROXIZ ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4XIROXIZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8PANC9IV\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8PANC9IV ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8PANC9IV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1AF8L23\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1AF8L23 ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1AF8L23\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G9QNODAJ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G9QNODAJ ->  [Folder | Modified Date = 6/19/2008 9:58:42 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G9QNODAJ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 6/19/2008 9:58:42 AM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Fashion Solitaire 1.2 -> %AllUsersProfile%\Application Data\Fashion Solitaire 1.2 ->  [Folder | Modified Date = 5/31/2008 4:11:32 PM | Attr =	]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater ->  [Folder | Modified Date = 6/18/2008 9:38:42 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 5/31/2008 4:56:24 PM | Attr =	]
iWin -> %AppData%\iWin ->  [Folder | Modified Date = 5/31/2008 7:11:54 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 6/19/2008 10:06:44 AM | Attr =   S]
Real -> %AppData%\Real ->  [Folder | Modified Date = 6/19/2008 10:06:48 AM | Attr =	]
WinBatch -> %AppData%\WinBatch ->  [Folder | Modified Date = 5/28/2008 9:28:59 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Modified Date = 6/19/2008 10:07:19 AM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 6/22/2008 7:33:29 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 1970470 bytes | Modified Date = 6/17/2008 9:24:32 PM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 6/19/2008 10:27:18 AM | Attr =	]
{3248F0A6-6813-11D6-A77B-00B0D0150060} -> %UserProfile%\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} ->  [Folder | Modified Date = 6/19/2008 10:07:50 AM | Attr =	]
Global.sw2 -> %AllUsersProfile%\Documents\Global.sw2 ->  [Ver =  | Size = 2473 bytes | Modified Date = 6/14/2008 5:50:31 PM | Attr =	]
My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Modified Date = 6/19/2008 1:09:44 AM | Attr = R  ]
My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Modified Date = 6/19/2008 1:09:43 AM | Attr = R  ]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Modified Date = 6/19/2008 1:09:43 AM | Attr = R  ]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 6/19/2008 10:07:57 AM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 6/19/2008 10:08:36 AM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 6/19/2008 10:08:36 AM | Attr = R  ]
Easy Internet Sign-up.lnk -> %AllUsersProfile%\Desktop\Easy Internet Sign-up.lnk ->  [Ver =  | Size = 1844 bytes | Modified Date = 6/19/2008 10:04:34 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 6/17/2008 12:56:44 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Modified Date = 6/17/2008 9:08:12 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 6/15/2008 3:35:00 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 6/15/2008 1:06:47 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 6/17/2008 9:23:15 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568240 bytes | Modified Date = 6/17/2008 12:57:24 PM | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Modified Date = 6/12/2008 6:55:02 AM | Attr =	]
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe ->  [Ver =  | Size = 1392671 bytes | Modified Date = 6/10/2008 6:58:24 AM | Attr =	]
STOPzilla_Setup.exe -> %UserProfile%\Desktop\STOPzilla_Setup.exe -> iS3, Inc. [Ver = 5, 0, 7, 0 | Size = 292352 bytes | Modified Date = 6/15/2008 1:29:04 PM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 6/19/2008 10:45:30 AM | Attr =	]

< End of report >


#12 OldTimer

Posted 23 June 2008 - 10:39 AM

Hi parkescpa. Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT

#13 parkescpa

Posted 25 June 2008 - 08:41 AM

Hi OT,

Everything seems fine. What do I need to do for the final cleanup?

Kevin

#14 OldTimer

Posted 25 June 2008 - 10:56 AM

Glad to hear it parkescpa. Then let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
  • Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this, allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers and Happy Computing!

OT